Skip to content

chore(deps): bump pyasn1 from 0.5.0 to 0.6.3 in /services/gtfs-rt-archiver-v3#4944

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/services/gtfs-rt-archiver-v3/pyasn1-0.6.3
Open

chore(deps): bump pyasn1 from 0.5.0 to 0.6.3 in /services/gtfs-rt-archiver-v3#4944
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/services/gtfs-rt-archiver-v3/pyasn1-0.6.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2026
edited
Loading

Bumps pyasn1 from 0.5.0 to 0.6.3.

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
  • Fixed OverflowError from oversized BER length field.
  • Fixed DeprecationWarning stacklevel for deprecated attributes.
  • Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Release 0.6.2

It's a minor release.

  • Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).
  • Added support for Python 3.14.
  • Added SECURITY.md policy.
  • Migrated to pyproject.toml packaging.

All changes are noted in the CHANGELOG.

Release 0.6.1

It's a minor release.

  • Added support for Python 3.13.
  • Cleaned Python 2-related code.
  • Removed bdist_wheel universal flag from setup.cfg.

All changes are noted in the CHANGELOG.

Release 0.6.0

It's a major release where we drop Python 2 support entirely. The most significant changes are:

  • Removed support for EOL Python 2.7, 3.6, 3.7
  • Added support for previously missing RELATIVE-OID construct
  • Updated link to Layman's Guide

All changes are noted in the CHANGELOG.

Release 0.5.1

It's a minor release.

  • Added support for PyPy 3.10 and Python 3.12
  • Updated RTD configuration to include a dummy index.rst redirecting to contents.html, ensuring compatibility with third-party documentation and search indexes.
  • Fixed the API breakage wih decoder.decode(substrateFun=...). A substrateFun passed to decoder.decode() can now be either v0.4 Non-Streaming or v0.5 Streaming. pyasn1 will detect and handle both cases transparently. A substrateFun passed to one of the new streaming decoders is still expected to be v0.5 Streaming only.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

Revision 0.6.2, released 16-01-2026

Revision 0.6.1, released 10-09-2024

... (truncated)

Commits
  • af65c3b Prepare release 0.6.3
  • 5a49bd1 Merge commit from fork
  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
  • d7cb42d Fix OverflowError from oversized BER length field (#100)
  • e7356f8 Prepare release 0.6.2
  • 3908f14 Merge commit from fork
  • 0a7e067 Add support for Python 3.14 (#97)
  • 33656e9 Create Security Policy
  • fa62307 fix for issue #91: unit tests failing due to missing code (#92)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 17, 2026
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 17, 2026
@dependabot dependabot bot added the python Pull requests that update Python code label Mar 17, 2026
@dependabot
Bump pyasn1 from 0.5.0 to 0.6.3 in /services/gtfs-rt-archiver-v3
2b38979 
Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.5.0 to 0.6.3.
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.5.0...v0.6.3)

---
updated-dependencies:
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot changed the title Bump pyasn1 from 0.5.0 to 0.6.3 in /services/gtfs-rt-archiver-v3 chore(deps): bump pyasn1 from 0.5.0 to 0.6.3 in /services/gtfs-rt-archiver-v3 Mar 27, 2026
@dependabot dependabot bot force-pushed the dependabot/pip/services/gtfs-rt-archiver-v3/pyasn1-0.6.3 branch from 8dd81d9 to 2b38979 Compare March 27, 2026 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evansiroky evansiroky Awaiting requested review from evansiroky evansiroky is a code owner

@vevetron vevetron Awaiting requested review from vevetron vevetron is a code owner

@tiffanychu90 tiffanychu90 Awaiting requested review from tiffanychu90 tiffanychu90 is a code owner

@ohrite ohrite Awaiting requested review from ohrite ohrite is a code owner

@erikamov erikamov Awaiting requested review from erikamov erikamov is a code owner

@charlie-costanzo charlie-costanzo Awaiting requested review from charlie-costanzo charlie-costanzo is a code owner

@mjumbewu mjumbewu Awaiting requested review from mjumbewu mjumbewu is a code owner

@fsalemi fsalemi Awaiting requested review from fsalemi fsalemi is a code owner

@raebot raebot Awaiting requested review from raebot raebot is a code owner

@jparr jparr Awaiting requested review from jparr jparr is a code owner

@jiaxiliu95 jiaxiliu95 Awaiting requested review from jiaxiliu95 jiaxiliu95 is a code owner

@lauriemerrell lauriemerrell Awaiting requested review from lauriemerrell lauriemerrell is a code owner

@mrtopsyt mrtopsyt Awaiting requested review from mrtopsyt mrtopsyt is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants